On Sun, Nov 01, 2009 at 09:06:48AM +0100, Luca Berra wrote:
> On Sun, Nov 01, 2009 at 03:05:31AM +0100, Arno Wagner wrote:
>> One piece of meta-advice may be appropriate:
>>
>> Try for simplicity. If you feel your solution is getting
>> too complex to understand it in one go, try very hard to
>> find a simpler one. Complex solutions are not only a lot
>> more likely to fail, the chances for them to be secure
>> are a lot worse.
> The solution I proposed at the beginning, encrypt the pv, was the
> simplest and more secure one, it also prevented any possible leak.
> Alas it does not work in the op environment, so we have to find a better
> one.
> Here comes solution two, snapshot the lv, it is still quite simple,
> there is the possibility of some information leak, but I don't really
> believe the cow table and some modified sector are enough material for
> cryptanalysis.
> But solution two fails, I can luksOpen either the original lv or the
> snapshot, but not both at the same time. I have no idea if this is
> intended, a bug, or if I am overlooking something obvious.
>
>> Incidentally, the original question was about file backups, not
>> snapshots. If you want a snapshot and
>> can afford to umount the device, just use dd.
> Incidentally it was about snapshots, but your advice about dd makes me
> realize you have no idea what a snapshot is.

Actually I do know what a snapshot is. You are thinking of a more
complex operation it seems, namely snapshot taking and then
conventional, file-based backup of the snapshot. No reason
why an encryption layer should add problems. Of course you
need to snapshot the encrypted volume, and you may want to
sync or better umount the volume during snapshot taking.

Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt